podman

1
package buildah
2

3
import (
4
	"context"
5
	"fmt"
6
	"io"
7
	"time"
8

9
	"github.com/containers/buildah/pkg/blobcache"
10
	"github.com/containers/common/libimage"
11
	"github.com/containers/image/v5/docker/reference"
12
	"github.com/containers/image/v5/manifest"
13
	"github.com/containers/image/v5/pkg/compression"
14
	"github.com/containers/image/v5/transports"
15
	"github.com/containers/image/v5/types"
16
	encconfig "github.com/containers/ocicrypt/config"
17
	"github.com/containers/storage"
18
	"github.com/containers/storage/pkg/archive"
19
	digest "github.com/opencontainers/go-digest"
20
	"github.com/sirupsen/logrus"
21
)
22

23
// cacheLookupReferenceFunc wraps a BlobCache into a
24
// libimage.LookupReferenceFunc to allow for using a BlobCache during
25
// image-copy operations.
26
func cacheLookupReferenceFunc(directory string, compress types.LayerCompression) libimage.LookupReferenceFunc {
27
	// Using a closure here allows us to reference a BlobCache without
28
	// having to explicitly maintain it in the libimage API.
29
	return func(ref types.ImageReference) (types.ImageReference, error) {
30
		if directory == "" {
31
			return ref, nil
32
		}
33
		ref, err := blobcache.NewBlobCache(ref, directory, compress)
34
		if err != nil {
35
			return nil, fmt.Errorf("using blobcache %q: %w", directory, err)
36
		}
37
		return ref, nil
38
	}
39
}
40

41
// PushOptions can be used to alter how an image is copied somewhere.
42
type PushOptions struct {
43
	// Compression specifies the type of compression which is applied to
44
	// layer blobs.  The default is to not use compression, but
45
	// archive.Gzip is recommended.
46
	// OBSOLETE: Use CompressionFormat instead.
47
	Compression archive.Compression
48
	// SignaturePolicyPath specifies an override location for the signature
49
	// policy which should be used for verifying the new image as it is
50
	// being written.  Except in specific circumstances, no value should be
51
	// specified, indicating that the shared, system-wide default policy
52
	// should be used.
53
	SignaturePolicyPath string
54
	// ReportWriter is an io.Writer which will be used to log the writing
55
	// of the new image.
56
	ReportWriter io.Writer
57
	// Store is the local storage store which holds the source image.
58
	Store storage.Store
59
	// github.com/containers/image/types SystemContext to hold credentials
60
	// and other authentication/authorization information.
61
	SystemContext *types.SystemContext
62
	// ManifestType is the format to use
63
	// possible options are oci, v2s1, and v2s2
64
	ManifestType string
65
	// BlobDirectory is the name of a directory in which we'll look for
66
	// prebuilt copies of layer blobs that we might otherwise need to
67
	// regenerate from on-disk layers, substituting them in the list of
68
	// blobs to copy whenever possible.
69
	BlobDirectory string
70
	// Quiet is a boolean value that determines if minimal output to
71
	// the user will be displayed, this is best used for logging.
72
	// The default is false.
73
	Quiet bool
74
	// SignBy is the fingerprint of a GPG key to use for signing the image.
75
	SignBy string
76
	// RemoveSignatures causes any existing signatures for the image to be
77
	// discarded for the pushed copy.
78
	RemoveSignatures bool
79
	// MaxRetries is the maximum number of attempts we'll make to push any
80
	// one image to the external registry if the first attempt fails.
81
	MaxRetries int
82
	// RetryDelay is how long to wait before retrying a push attempt.
83
	RetryDelay time.Duration
84
	// OciEncryptConfig when non-nil indicates that an image should be encrypted.
85
	// The encryption options is derived from the construction of EncryptConfig object.
86
	OciEncryptConfig *encconfig.EncryptConfig
87
	// OciEncryptLayers represents the list of layers to encrypt.
88
	// If nil, don't encrypt any layers.
89
	// If non-nil and len==0, denotes encrypt all layers.
90
	// integers in the slice represent 0-indexed layer indices, with support for negative
91
	// indexing. i.e. 0 is the first layer, -1 is the last (top-most) layer.
92
	OciEncryptLayers *[]int
93

94
	// CompressionFormat is the format to use for the compression of the blobs
95
	CompressionFormat *compression.Algorithm
96
	// CompressionLevel specifies what compression level is used
97
	CompressionLevel *int
98
	// ForceCompressionFormat ensures that the compression algorithm set in
99
	// CompressionFormat is used exclusively, and blobs of other compression
100
	// algorithms are not reused.
101
	ForceCompressionFormat bool
102
}
103

104
// Push copies the contents of the image to a new location.
105
func Push(ctx context.Context, image string, dest types.ImageReference, options PushOptions) (reference.Canonical, digest.Digest, error) {
106
	libimageOptions := &libimage.PushOptions{}
107
	libimageOptions.SignaturePolicyPath = options.SignaturePolicyPath
108
	libimageOptions.Writer = options.ReportWriter
109
	libimageOptions.ManifestMIMEType = options.ManifestType
110
	libimageOptions.SignBy = options.SignBy
111
	libimageOptions.RemoveSignatures = options.RemoveSignatures
112
	libimageOptions.RetryDelay = &options.RetryDelay
113
	libimageOptions.OciEncryptConfig = options.OciEncryptConfig
114
	libimageOptions.OciEncryptLayers = options.OciEncryptLayers
115
	libimageOptions.CompressionFormat = options.CompressionFormat
116
	libimageOptions.CompressionLevel = options.CompressionLevel
117
	libimageOptions.ForceCompressionFormat = options.ForceCompressionFormat
118
	libimageOptions.PolicyAllowStorage = true
119

120
	if options.Quiet {
121
		libimageOptions.Writer = nil
122
	}
123

124
	compress := types.PreserveOriginal
125
	if options.Compression == archive.Gzip {
126
		compress = types.Compress
127
	}
128
	libimageOptions.SourceLookupReferenceFunc = cacheLookupReferenceFunc(options.BlobDirectory, compress)
129

130
	runtime, err := libimage.RuntimeFromStore(options.Store, &libimage.RuntimeOptions{SystemContext: options.SystemContext})
131
	if err != nil {
132
		return nil, "", err
133
	}
134

135
	destString := fmt.Sprintf("%s:%s", dest.Transport().Name(), dest.StringWithinTransport())
136
	manifestBytes, err := runtime.Push(ctx, image, destString, libimageOptions)
137
	if err != nil {
138
		return nil, "", err
139
	}
140

141
	manifestDigest, err := manifest.Digest(manifestBytes)
142
	if err != nil {
143
		return nil, "", fmt.Errorf("computing digest of manifest of new image %q: %w", transports.ImageName(dest), err)
144
	}
145

146
	var ref reference.Canonical
147
	if name := dest.DockerReference(); name != nil {
148
		ref, err = reference.WithDigest(name, manifestDigest)
149
		if err != nil {
150
			logrus.Warnf("error generating canonical reference with name %q and digest %s: %v", name, manifestDigest.String(), err)
151
		}
152
	}
153

154
	return ref, manifestDigest, nil
155
}
156